Sequimtech BLOG FEED

Friday, June 1, 2018

Q&A: Should You Reboot Your Router Like the FBI Says?
By The Associated Press
May 30, 2018
Last week, the FBI recommended rebooting home and small office routers that could have been infected with disruptive malware, allegedly by sophisticated state-backed Russian hackers. An estimated half million routers and network-attached storage devices have been infected.
But even the FBI acknowledges this step will only "temporarily disrupt" the malware. Here are some questions and answers about the situation:
Q: How can I tell if my router is infected?
A: Short answer: You probably can't. Routers aren't very consumer-friendly, and most people lack the ability to get deep enough inside the device to tell if it's infected.
Q: If my router was infected and I reboot, is it safe?
A: No. Turning an infected router off and on again only removes some of the malware — such as elements that could snoop on your internet activity or even overwrite the basic code on your router, thus "bricking" it (that is, turning it into an inoperable brick). The core infection persists on reboot and there's no simple way to delete it.
The good news is that last week, the FBI seized the command-and-control server that sends instructions to the infected routers, disrupting the zombie network that could be used to mount a crippling internet-based attack. The bad news is that the persistent malware is in listening mode, awaiting instructions. "So all the cards are still on the table," said Craig Williams of Cisco's Talos cyberthreat intelligence team, which identified the operation it calls VPNFilter.
Q: Why can't I completely remove the malware from my router?
A: For starters, routers are difficult for ordinary users to fiddle with. They have publicly known vulnerabilities that aren't easy for average users to patch and typically aren't equipped with anti-virus software packages or intrusion protection systems. That said, if you can update your router's "firmware" to the latest version — something you can often do via the router's phone app or web interface — you should. It may not fix the problem, but it won't hurt and may help.
Q: Which devices are affected and where can I learn more?
A: Cisco identified these companies as makers of affected devices: Linksys, Mikrotik, Netgear, TP-Link and QNAP. It said most of the infected routers are in Ukraine. You can find more details from Talos and the United States Computer Emergency Readiness Team. The FBI says it has nothing new to report beyond the announcement it put out Friday.
___
Links:
FBI announcement: https://www.ic3.gov/media/2018/180525.aspx
Talos blog: https://blog.talosintelligence.com/2018/05/VPNFilter.html
U.S. CERT release: https://www.us-cert.gov/ncas/alerts/TA18-145A


What My Lawyer Wants Me to Say:

NOTE: Always scan any files you download from ANY site. I scan my files with FOUR different anti-virus programs, including: Malwarebytes, Spybot, Microsoft Security Essentials and AntiVir.

These documents are provided for informational purposes only. The information contained on this BLOG represents the current view of Thomas Pitre Associates on the issues discussed as of the date of publication. We do NOT guarantee the accuracy of any information presented after the date of publication.

If you see or read something here that is distasteful in any way, then "turn off the channel" and go away, please.

INFORMATION PROVIDED IN THIS DOCUMENT IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND FREEDOM FROM INFRINGEMENT.

This newsletter and website may contain links to other websites. We do our utmost to review or screen these sites, but we are not responsible or liable for their privacy or data security practices, or the content of these sites. Additionally, if you register with any of these sites, any information that you provide in the process of registration, such as your email address, credit card number or other personally identifiable information, will be transferred to these sites. For these reasons, you should be careful to review any privacy and data security policies posted on any of these sites before providing information to them.

The user assumes the entire risk as to the accuracy and the use of the contents of this BLOG.

Header image LOGO by J. Burroughs, 2017.

Images used on this site, unless otherwise credited (if possible), are those copyright images of the site editor and publisher, T. Pitre.